GitGuardian’s “State of Secrets Sprawl 2026” report reveals a staggering 28.65 million new hardcoded secrets emerged in 2025, reflecting a continuing surge in exposed credentials across public GitHub commits. The issue is escalating beyond public repositories, with internal environments increasingly hosting leaked credentials, particularly tied to critical production systems. Collaboration tools like Slack and Jira also inadvertently facilitate credential sharing during routine tasks, heightening risk.
AI development exacerbates this trend, introducing a myriad of new credentials needed for diverse tools and integrations. Exposed credentials are a persistent threat: some remain valid for years after exposure, which complicates remediation across interconnected systems. This dispersal of secrets makes tracking and managing access more challenging, with vulnerabilities extending across different platforms and workflows. Organizations must proactively address these growing security risks, as secrets sprawl continues to evolve in our increasingly automated development environments.